this repo has no description
lewis.moe
1# Lewis' Big Boy TODO list
2
3## Active development
4
5### Frontend
6So like... make the thing unique, make it cool.
7
8- [ ] Frontpage that explains what this thing is
9- [ ] Unique "brand" style both unauthed and authed
10- [ ] Better documentation on how to sub out the entire frontend for whatever the users want
11
12### Delegated accounts
13Accounts controlled by other accounts rather than having their own password. When logging in as a delegated account, OAuth asks you to authenticate with a linked controller account. Uses OAuth scopes as the permission model.
14
15- [ ] Account type flag in actors table (personal | delegated)
16- [ ] account_delegations table (delegated_did, controller_did, granted_scopes[], granted_at, granted_by, revoked_at)
17- [ ] Detect delegated account during authorize flow
18- [ ] Redirect to "authenticate as controller" instead of password prompt
19- [ ] Validate controller has delegation grant for this account
20- [ ] Issue token with intersection of (requested scopes :intersection-emoji: granted scopes)
21- [ ] Token includes act_as claim indicating delegation
22- [ ] Define standard scope sets (owner, admin, editor, viewer)
23- [ ] Create delegated account flow (no password, must add initial controller)
24- [ ] Controller management page (add/remove controllers, modify scopes)
25- [ ] "Act as" account switcher for users with delegation grants
26- [ ] Log all actions with both actor DID and controller DID
27- [ ] Audit log view for delegated account owners
28
29### Migration tool
30Seamless account migration built into the UI, inspired by pdsmoover. Users shouldn't need external tools or brain surgery on half-done account states.
31
32- [ ] Add `migratingTo` parameter to `deactivateAccount` endpoint
33- [ ] For self-hosted did:web users: set `migrated_to_pds`, update DID doc serviceEndpoint
34- [ ] "Migrated" account state for self-hosted did:web: can authenticate but no repo operations
35- [ ] Migrated did:web user UI: minimal dashboard with "update forwarding PDS" setting, or full migration wizard to handle PDS 2 -> PDS 3 moves automatically
36- [ ] Outbound UI wizard: new PDS URL -> export repo -> guide account creation -> complete migration
37- [ ] Inbound UI wizard: login to old PDS -> choose handle -> import -> PLC token flow
38- [ ] Support `createAccount` with existing DID + service auth token
39- [ ] Progress tracking with resume capability
40- [ ] Scheduled automatic backups (CAR export)
41- [ ] One-click restore from backup
42
43### Plugin system
44Extensible architecture allowing third-party plugins to add functionality, like minecraft mods or browser extensions.
45
46- [ ] Research: survey Fabric/Forge, VS Code, Grafana, Caddy plugin architectures
47- [ ] Evaluate rust approaches: WASM, dynamic linking, subprocess IPC, embedded scripting (Lua/Rhai)
48- [ ] Define security model (sandboxing, permissions, resource limits)
49- [ ] Plugin manifest format (name, version, deps, permissions, hooks)
50- [ ] Plugin discovery, loading, lifecycle (enable/disable/hot reload)
51- [ ] Error isolation (bad plugin shouldn't crash PDS)
52- [ ] Extension points: request middleware, record lifecycle hooks, custom XRPC endpoints
53- [ ] Extension points: custom lexicons, storage backends, auth providers, notification channels
54- [ ] Extension points: firehose consumers (react to repo events)
55- [ ] Plugin SDK crate with traits and helpers
56- [ ] Example plugins: custom feed algorithm, content filter, S3 backup
57- [ ] Plugin registry with signature verification and version compatibility
58
59### Plugin: Private/encrypted data
60Records that only authorized parties can see and decrypt. Requires key federation between PDSes. Implemented as a plugin using the plugin system above.
61
62- [ ] Survey current ATProto discourse on private data
63- [ ] Document Bluesky team's likely approach
64- [ ] Design key management strategy
65- [ ] Per-user encryption keys (separate from signing keys)
66- [ ] Key derivation for per-record or per-collection encryption
67- [ ] Encrypted record storage format
68- [ ] Transparent encryption/decryption in repo operations
69- [ ] Protocol for sharing decryption keys between PDSes
70- [ ] Handle key rotation and revocation
71
72---
73
74## Completed
75
76Core ATProto: Health, describeServer, all session endpoints, full repo CRUD, applyWrites, blob upload, importRepo, firehose with cursor replay, CAR export, blob sync, crawler notifications, handle resolution, PLC operations, full admin API, moderation reports.
77
78did:web support: Self-hosted did:web (subdomain format `did:web:handle.pds.com`), external/BYOD did:web, DID document serving via `/.well-known/did.json`, migration tracking for did:web users who leave (serviceEndpoint redirect), clear registration warnings about did:web trade-offs vs did:plc.
79
80OAuth 2.1: Authorization server metadata, JWKS, PAR, authorize endpoint with login UI, token endpoint (auth code + refresh), revocation, introspection, DPoP, PKCE S256, client metadata validation, private_key_jwt verification.
81
82OAuth Scope Enforcement: Full granular scope system with consent UI, human-readable scope descriptions, per-client scope preferences, scope parsing (repo/blob/rpc/account/identity), endpoint-level scope checks, DPoP token support in auth extractors, token revocation on re-authorization, response_mode support (query/fragment).
83
84App endpoints: getPreferences, putPreferences, getProfile, getProfiles, getTimeline, getAuthorFeed, getActorLikes, getPostThread, getFeed, registerPush (all with local-first + proxy fallback).
85
86Infrastructure: Sequencer with cursor replay, postgres repo storage with atomic transactions, valkey DID cache, debounced crawler notifications with circuit breakers, multi-channel notifications (email/Discord/Telegram/Signal), image processing, distributed rate limiting, security hardening.
87
88Web UI: OAuth login, registration, email verification, password reset, multi-account selector, dashboard, sessions, app passwords, invites, notification preferences, repo browser, CAR export, admin panel, OAuth consent screen with scope selection.
89
90Auth: ES256K + HS256 dual support, JTI-only token storage, refresh token family tracking, encrypted signing keys (AES-256-GCM), DPoP replay protection, constant-time comparisons.
91
92Passkeys and 2FA: WebAuthn/FIDO2 passkey registration and authentication, TOTP with QR setup, backup codes (hashed, one-time use), passkey-only account creation, trusted devices (remember this browser), re-auth for sensitive actions, rate-limited 2FA attempts, settings UI for managing all auth methods.